UH Metadirectory Project Status
| Date |
Status |
Description |
| 2002-02-03 |
Will use University Relations model for UH org. structure;
OHR's EAC codes will complement it. Russ will consolidate info
from both models upon receiving PeopleSoft data from Julio.
2002-12-11: Julio is waiting for refinements
to Lance's SQR scripts before delivering data to Russ. This is
really an ongoing process that will end when the WPMS is finished.
Deadline moved to 2002-02-03
See 135
|
Transfer organizational structure from PeopleSoft and make sure
Unison2, White Pages and LDAP are compatible (they present the same
info) |
| 2002-12-20 |
Lance's SQR scripts almost done; Julio looking into calling
them directly from Unison.
2002-12-11: Julio finished scripts to process
data from Lance's SQR scripts. Next step is to write code to update
Unison1 and/or Unison2. Need to set up a secure server on poipu
that allows Unison2 to retrieve PeopleSoft changes incrementally.
Deadline moved to 2002-12-20
See 108, 125, 109 |
Fully automated daily updates from PeopleSoft |
| 2002-12-30 |
Julio needs to implement about 18 commands from the Unison1
API and is about 70% set on the Unison2 database schema; Julio/Russ/Chad
need to implement commands that synch LDAP servers;
2002-12-11: Nothing has been done since November
2002. Deadline moved to 2002-12-30
See 111, 112, 117, 120 |
Unison2 server in Unison1 compatibility mode - start beta test |
| 2002-12-26 |
Need to assign someone to modify trigger to send back ITS Username
as well. Julio will look into it and consult with SCT. Julio needs
to stress test the trigger.
2002-12-11: Julio asked Deb to get SCT consultant
to review past work on trigger. Moved deadline to 2002-12-26
See 121 |
Banner-Unison2 trigger for assigning a uhUuid to new Banner entries
- start beta test |
| 2002-12-15 |
Julio is looking at Charles' SQL scripts for Banner->Unison
synchronization. Will rely on above described trigger to take
care of Unison->Banner synchronization. Will need to write
a job that catches Banner entries without uhUuids that were missed
by the above trigger.
2002-12-11: SQL code provided by Charles. Need
to incorporate it into metadirectory
See 141, 109 |
Fully automated daily(?) updates from Banner |
| 2003-01-21 |
2002-12-11: Moved deadline to 2003-01-21
See 111, 112, 117,
120 |
Unison2 server in Unison1 compatibility mode - deploy
(needed for automating data updates)
(needed before we interface with Banner because it's more stable
and it's faster) |
| 2003-01-21 |
2002-12-11: Moved deadline to 2003-01-21
See 121 |
Banner-Unison2 trigger for assigning a uhUuid to new Banner entries
- deploy |
| 2003-01-21 |
2002-12-11: Moved deadline to 2003-01-21
See 108, 137, 143 |
Instant synchronization of everything with central LDAP service
(LDAP only has currently affiliated entries; uhExpiration attribute
is moot and removed) |
| 2003-01-21 |
2002-12-11: Moved deadline to 2003-01-21
See 143 |
Instant ITS username/password synchronization with email LDAP
server |
| 2003-02-03 |
See 104, 133, 143
2002-12-11: Julio already defined requirements to Zachary. Both are currently finalizing the design. |
Instant ITS username/password synchronization with NIS |
| 2003-02-28 |
See 143, 144 |
All things in place to minimize duplicate entries due to typos
or entries added carelessly without checking for name matches in
existing entries. Start duplicate cleanup here. |
| ??? |
See 142 |
Instant ITS username/password synchronization with Web For |
| ??? |
See 142 |
Instant ITS username/password synchronization with Luminis |
Tasks & Issues
Note: Red denotes new entries
| Item ID |
Status |
Item Description |
| 100 |
Done |
Define UH Metadirectory team charter |
| 101 |
|
Populate metadirectory-l with sysunix staff, ITS Username team
members, campus/unison1 reps, itsmgmt?, banner, peoplesoft |
| 102 |
|
Identify and contact relevant parties: MIS, OHR, UH ID Office(s),
UR |
| 103 |
Only metadirectory-data list has been fully deployed |
Introduce metadirectory@hawaii.edu and metadirectory-data@hawaii.edu.
Automate subscriptions to these mailing lists? |
Quick Wins
| Item ID |
Status |
Item Description |
| 104 |
2002-10-31: ID Management subsystem assigned to one of our
students (Zack)
2002-11-18: Requirements defined; next deliverable is technical
specs; NIS test environment has been set up on lapras.its.hawaii.edu;
2002-12-11: API 70% done. Working on full end-to-end
implementation of the add_user function as a prototype for the
rest of the API. |
Write system to update NIS directly instead of using PRIS. This
will allow for reduction of complexity in the current system, and
instant username creation and instant password resets. |
| 105 |
|
Retire ph/qi, use LDAP, but retain current functionality (keep
students who want to opt in) until there is an application that
fully implements FERPA |
| 106 |
|
Merge metadirectory database schema with white page's database
schema |
| 138 |
2002-10-30: Waiting for response from PAE staff |
Move PAE away from telnetting to special system and have them
use LDAP instead. |
| 145 |
2002-11-18: Assigned to Thang |
Retire unnecessary replication of data via PRIS to make way for
#104 |
Interim Ongoing Processes
| Item ID |
Status |
Item Description |
| 107 |
2002-11-17: Improved programs to detect duplicates and match entries
even though SSN, birth dates and names are misspelled. |
Unison1 data needs a clean-up after Banner data imported |
| 108 |
2002-10-31: Waiting for PeopleSoft data |
Delete all affiliations associated with SIS and PeopleSoft and
redo them from scratch after a strict data delivery schedule has
been defined. This should increase the accuracy of data. |
| 109 |
|
Data still manually transferred to us from the various Unison
"dataorigins". Data delivery schedule is still a "manual"
process |
| 110 |
|
Revoke old unison1 idmgt.users entries (bounced mail, non-existing
usernames, no longer help deskers) |
Future
| Item ID |
Status |
Item Description |
| 111 |
Done in development; deployment waiting for Unison2 to be complete. |
Upgrade Unison1 server from blocking single-thread process to
multi-threaded process |
| 112 |
Revamped data store and affected functionality |
Convert Unison1 data store to an Oracle database |
| 113 |
|
Need to obsolete & incorporate the initial Unison2 DB Schema
submitted to the fileshare |
| 114 |
|
Handle key attribute changes (uhSSN, uhUuid) including swapping,
merging, deleting. Define XML for tracking important changes (uhUuid
changed, SSN changed, name changed, uhUuids merged) |
| 115 |
|
Define Unison2 API |
| 116 |
Information Model done |
Define Unison2 XML schema |
| 117 |
Need team to validate this
2002-10-29: Fine for now; let's discuss applicability when we
discuss #136 |
Standardize on https and XML. Require POST? (See also EDT) |
| 118 |
|
Manage LDAP's special DNs |
| 119 |
Done except for Username life cycle and data delivery & synchronization |
Incorporate UH
Directory Services Synchronization Specs into UH Metadirectory
specifications. Explain what has been deleted/kept if anything |
| 120 |
2002-10-29: Yes, we'll take the path of least resistance and support
Unison1 API to minimize impact on applications that currently use
that API (sunsys CGIs) |
Support Unison1 API? If needed, write a numclient replacement
that proxies between Unison2 server and Unison1 programs. I'd rather
not include legacy Unison1 code into Unison2. List all programs that
use numclient to see what level of Unison1 compatibility is needed |
| 136 |
2002-10-29: We might be able to do away with a database for the
metadirectory although it's not clear how we'll access the miscellaneous
sources of data such as EWC and others whom we might not be able
to query "live". We cannot do away with the data store
on LDAP because then we won't be able to take advantage of all that
LDAP has to offer. |
Do not replicate data onto a metadirectory database but use middleware
to do a "live" query on sources of data (i.e. pass queries
through to PeopleSoft and Banner) |
| 137 |
2002-10-31: This is necessary if LDAP is to keep only those entries
that are currently affiliated. Expired entries should not appear
on LDAP. Future expirations are too unpredictable to support and
can lead to incorrect assumptions. |
Remove uhExpiration attribute from LDAP once affiliation information
can be kept up to date |
Student Information Systems
| Item ID |
Status |
Item Description |
| 121 |
2002-11-09: Need to add ITS Username as a return value for
the trigger; need to stress test this trigger
2002-12-11: Julio asked Deb to get SCT consultant
to review past work on trigger. Moved deadline to 2002-12-26 |
Banner trigger for uhUuid needs to be tested |
| 122 |
|
Banner WebFor uses uppercase ITS Usernames and a separate password |
| 123 |
2002-11-18: This is probably acceptable and not
an issue |
Banner Web for Faculty uses its own Q&A to reset its own password |
| 124 |
|
Banner uhUuid trigger by SSN or DOB may not account for all cases
where a uhUuid needs to be generated |
| 141 |
2002-11-08: Julio is looking at Charles' SQL scripts for Banner->Unison
synchronization. Will rely on above described trigger to take care
of Unison->Banner synchronization. Will need to write a job that
catches Banner entries without uhUuids that were missed by the above
trigger. |
Automate daily updates |
Human Resources
| Item ID |
Status |
Item Description |
| 125 |
Extract programs done. Some PeopleSoft data needs to be cleaned.
Need to automate synchronization into Unison1
2002-11-15: PeopleSoft data has been cleaned up. Lance is almost
finished with updated extract programs that include the EAC codes.
Julio is looking into running Lance's SQR scripts directly from
Unison and avoid transferring files.
2002-12-11: Julio finished scripts to process data from Lance's
SQR scripts. Next step is to write code to update Unison1 and/or
Unison2. Need to set up a secure server on poipu that allows Unison2
to retrieve PeopleSoft changes incrementally. Deadline moved to
2002-12-20
|
Automate daily updates |
| 126 |
Done |
Fine-grained PeopleSoft affiliations (e.g. RA, TA) |
| 127 |
|
Add SCOPIS to scheduled data delivery |
| 135 |
2002-10-30: Russ is working with Lance on this.
2002-11-06: Decision made to standardize
on PeopleSoft's EAC columns to describe the UH organizational
structure: add an Orgs branch to LDAP, populate it with EAC numeric
values but expand the "HRIS Narrative" into non-abbreviated
name for the organization.
2002-11-18: Russ found out that "EAC
codes and OHR's list of organizations are incomplete with respect
to all that is under SOEST and perhaps other organizations as
well. For example, MarBEC (Marine Bioproducts Engineering Center)
is not listed under SOEST. This leaves no alternative except to
retain University Relations' department group codes for organizations
as the canonical view of the UH System as they have taken the
pulse of the masses."
|
Add finer-grained organizational information
from PeopleSoft to support requests like SOEST's, but make sure
that Unison2, White Pages and LDAP are compatible (they present
the same info) |
Related Projects
| Item ID |
Status |
Item Description |
| 128 |
See 135 |
Support broadcast email based on affiliation |
| 129 |
|
Track alumni (ohana.hawaii.edu) |
| 130 |
|
Enterprise scheduling capability -- does the metadirectory need
to do anything about this? |
| 131 |
|
Relationship with WebISO and other single sign on efforts? |
| 132 |
Brought to the attention of the Banner team.
2002-10-28: Michael asked Russ to head this effort.
2002-10-31: To be addressed after Banner implementation unless
Banner Team decides to address it sooner. |
FERPA application needed. Unison1's "public" setting (uhRestrict=uhUnlisted)
is not quite the same as FERPA. Student needs to opt-out each semester.
Need to coordinate with each admissions office |
| 133 |
2002-10-31: ITS Systems Engineering staff are favoring Sun's method
after attending LDAP training class. No timeline yet, but most likely
6 months to a year. |
Need to replace NIS with LDAP. Debating whether to use Sun's or
Piet Ruyssinck's method. |
| 134 |
|
Update sunsys.its.hawaii.edu CGI scripts to use Unison2 |
| 139 |
2002-11-18: Russ is converting the LdapUserAuth DLL used by
OHR and DLUS to use LDAPS. Notification of change has been sent
to affected developers via metadirectory-data mailing list. Target
deadline is 2002-12-05
2002-12-11: Moved deadline for sites to stop
using non-SSL LDAP to 2002-12-19. |
Enforce use of LDAP over secure SSL (LDAPS) for all non-anonymous
binds. Depends on 140 and on Web apps being converted.
Various programming languages are used by Web apps. |
| 140 |
2002-11-18: Russ is working on this.
2002-12-11: Still stalled. Thang looking in SunSolve. |
Use SSL for LDAP replication between master and slave servers. |
| 142 |
|
Many synchronization issues are dealt with by the Portal Implementation
and Banner Integration teams |
| 143 |
|
Write code that updates LDAP servers from Unison2/WPMS tables.
Russ/Chad and Julio need to synchronize this task or risk incompatibility
and duplicated effort |
| 144 |
|
Put checks in place to reduce duplicate entries due to typos or
unavailable SSN, birth date, name |
| 146 |
2002-12-11: Russ and Julio talked with John Morton and SCT's Michael
Kennedy. All we need is a way to interface with Oracle and add/modify/delete
Oracle accounts. |
Single Sign On for SCT Datamart (and Banner in general) |